← back
CVE-2022-4124

Popup Manager <= 1.6.6 - Unauthenticated Arbitrary Popup Deletion

CVSS 4.3 MEDIUMEPSS 0.3%
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
19 Dec 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Affected products
Unknown · Popup Manager